IE zero day vulnerability

As expected, Microsoft today released a cumulative update for Internet Explorer addressing the zero-day vulnerability in the browser being actively exploited in the wild. Security Update MS 12-063 patches not only the critical remote-execution zero-day, but four other vulnerabilities privately disclosed to Microsoft that are not being exploited.

A researcher at AlienVault has discovered three new servers delivering exploits targeting the latest zero-day vulnerability in Internet Explorer. Jamie Blasco, AlienVault Labs manager, said the one of the servers is delivering a new malware payload, and all of them appear to be targeting defense contractors in the United States and India.

Security experts are warning enterprise and consumer users to stay away from Internet Explorer until Microsoft issues a patch for a new zero-day vulnerability in the browser. Active exploits have been discovered in the wild and are being linked to Nitro, the same group of hackers from China who were exploiting two Java zero-days in late August.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.